In recent years, the popularity of the Internet and, particularly, of websites that facilitate financial transactions and the management of personal information has exploded. At the same time, however, the ability to replicate websites, and the content provided by those websites, has become very commonplace. In order to provide security for transactional and personal information, websites often require a user to present credentials (e.g., username and password, digital certificate, passphrase, biometric, etc.) in order to verify the user and determine that the user should have access to the information. Despite these security measures to verify users, an individual user may be tricked, for example, into providing credentials to a fraudulent website that has replicated an original website that the individual user intended to access. In this way, the operator of the fraudulent website, having captured verifiable credentials from the individual user, may access the original website and perform fraudulent activity while appearing to be the individual user.
Phishing is a term commonly used to refer to a class of attacks that utilize a fraudulent replicated website to trick an individual user into providing the individual user's credentials to an unintended third party (e.g., an operator of the fraudulent website). In one common approach, the unintended third party sends a message (e.g., e-mail, text, social media post, etc.) to the targeted individual. The message, for example, appears to be from a legitimate source, such as a bank, service provider or other legitimate organization with which the targeted individual has an existing relationship. Typically, the message indicates the targeted individual should, or otherwise invites the targeted individual to, access a website operated by the legitimate organization. The message also includes, for example, a link or other means purported to provide such indicated or otherwise invited access. Unbeknownst to the targeted individual, however, the included link or other means actually links to a fraudulent replicated website operated by the unintended third party.
If the targeted individual user, for example, selects the link or other means, the targeted individual will be directed to a website that appears to be operated by the legitimate organization when, in fact, the website is a fraudulent replica operated by the unintended third party. Such deception may be enhanced by pulling, in various ways, original content directly from the website operated by the legitimate organization and presenting this original content to the targeted individual user. The targeted individual user, believing the fraudulent replica to be the website operated by the legitimate organization, may then proceed to provide credentials of the targeted individual user, for example, as part of a log in procedure. Once the fraudulent replica website has captured the provided credentials, the fraudulent replica website may then refer the targeted individual user to the website operated by the legitimate organization. Such referral may, for example, include the provided credentials and prompt a log in procedure to be performed by the website operated by the legitimate organization such that the targeted individual user is logged in to the legitimate website operated by the legitimate organization. In this way, the targeted individual user is provided, ultimately, with access to desired transactional or personal information from the website operated by the legitimate organization without realizing the credentials have been provided to and captured by the fraudulent replica website. The operator of the fraudulent replica website, for example, may then utilize the captured credentials to also access the website operated by the legitimate organization to perform fraudulent activity.
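Two of the behaviours described above leave traces in the legitimate website's own access logs: a credential submission that the browser reports as referred from a host the organization does not own, and original content (images, stylesheets) being fetched with that same foreign Referer when the replica hotlinks it client-side. The following is an added illustration, not part of the original text, of how an operator could scan Combined Log Format lines for those two signals; the host bank.example, the paths and the log lines are constructed for the example. Content that a replica pulls server-side never carries the replica's Referer, so this check only catches the client-side case.

```python
import re
from urllib.parse import urlparse

# Combined Log Format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines for a hypothetical bank.example login server (not real traffic).
# Line 2: credentials POSTed to /login while the browser's Referer names a look-alike host.
# Line 3: a static asset fetched with the same foreign Referer (client-side hotlinking).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 302 0 "https://bank.example/login" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "https://bank-example-secure.test/login" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:20 +0000] "GET /static/logo.png HTTP/1.1" 200 8123 "https://bank-example-secure.test/login" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:13:57:02 +0000] "GET /account HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

CREDENTIAL_PATHS = {"/login"}      # paths on which credentials are submitted (assumed)
ASSET_PREFIXES = ("/static/",)     # paths a replica might hotlink (assumed)

def find_foreign_referrals(log_text, legitimate_hosts):
    """Return one finding per request whose Referer names a host outside legitimate_hosts."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                 # tolerate lines in other formats
        referer = m.group("referer")
        if referer in ("", "-"):
            continue                 # an absent Referer is common and not suspicious by itself
        host = urlparse(referer).hostname
        if host is None or host in legitimate_hosts:
            continue
        method, path = m.group("method"), m.group("path").split("?", 1)[0]
        if method == "POST" and path in CREDENTIAL_PATHS:
            reason = "credential submission referred from foreign host"
        elif method == "GET" and path.startswith(ASSET_PREFIXES):
            reason = "original content hotlinked by foreign host"
        else:
            continue
        findings.append({"ip": m.group("ip"), "time": m.group("time"),
                         "path": path, "referer_host": host, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in find_foreign_referrals(SAMPLE_LOG, {"bank.example"}):
        print(finding)
```

Each finding names the foreign host so it can be reviewed as a candidate replica; the user sessions created by the flagged logins are the ones whose credentials may have been captured.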